CVE-2024-34687

Опубликовано: 14 мая 2024

Источник: nvd

CVSS3: 6.5

CVSS3: 9

EPSS Низкий

Описание

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data, including accessing or deleting files, or stealing session cookies which an attacker could use to hijack a user’s session. Hence, this could have impact on Confidentiality, Integrity and Availability of the system.

Ссылки

https://me.sap.com/notes/3448445
Permissions Required
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html
Patch
https://me.sap.com/notes/3448445
Permissions Required
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html
Patch

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:sap_basis:700:*:*:*:*:*:*:*

cpe:2.3:a:sap:sap_basis:701:*:*:*:*:*:*:*

cpe:2.3:a:sap:sap_basis:702:*:*:*:*:*:*:*

cpe:2.3:a:sap:sap_basis:731:*:*:*:*:*:*:*

cpe:2.3:a:sap:sap_basis:740:*:*:*:*:*:*:*

cpe:2.3:a:sap:sap_basis:750:*:*:*:*:*:*:*

cpe:2.3:a:sap:sap_basis:751:*:*:*:*:*:*:*

cpe:2.3:a:sap:sap_basis:752:*:*:*:*:*:*:*

cpe:2.3:a:sap:sap_basis:753:*:*:*:*:*:*:*

cpe:2.3:a:sap:sap_basis:754:*:*:*:*:*:*:*

cpe:2.3:a:sap:sap_basis:755:*:*:*:*:*:*:*

cpe:2.3:a:sap:sap_basis:756:*:*:*:*:*:*:*

cpe:2.3:a:sap:sap_basis:757:*:*:*:*:*:*:*

cpe:2.3:a:sap:sap_basis:758:*:*:*:*:*:*:*

cpe:2.3:a:sap:sap_basis:795:*:*:*:*:*:*:*

cpe:2.3:a:sap:sap_basis:796:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.0013

Низкий

6.5 Medium

CVSS3

9 Critical

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-x685-hmwx-rrvf

CVSS3: 6.5

github

больше 1 года назад

EPSS

Процентиль: 33%

0.0013

Низкий

6.5 Medium

CVSS3

9 Critical

CVSS3

Дефекты

CWE-79